1. Field of the Invention
The present invention relates generally to authentication, and more particularly to a method, system, and computer-readable storage medium for authenticating a computing device.
2. Description of the Related Art
Computing systems and devices, as well as computer networks, are ubiquitous in modern society. Computing systems and devices take a variety of forms including desktop computers, laptop computers, multifunction peripherals (MFPs), Personal Digital Assistants (PDAs), tablet PCs, household devices, and the like. Computer networks enable computing devices to communicate with other computing devices and access information. However, by connecting to a computer network, a connected computing device can also potentially be open to security breaches. For example, another computing device may make a false claim about its identity in order to access information or a resource. Authenticating such a computing device helps guard against this type of security breach.
A first entity, such as a computing device, a user of a computing device, or an application, can be authenticated to a second entity in a variety of ways. For example, the first entity may authenticate to the second entity by providing secret data, such as a password, by use of a smart card, or by providing biometric information. These and/or other authentication factors may be used alone or in combination to authenticate the first entity to the second entity.
Authentication schemes are utilized in a variety of contexts. For example, a client may be required to authenticate to a server before the client is permitted to access a resource on the server. Further by way of example, a first peer may be required to authenticate to a second peer before the first peer is permitted to provide information to or obtain information from the second peer.
In the context of peer-to-peer communications, a peer may be authorized to distribute configuration information to other peers. The peer sending the configuration information is referred to as a source peer and the peers to whom the configuration information is sent are referred to as target peers. For purposes of authentication, a user or administrator provides to the source peer the following information for each and every target peer: a username, a password, and an indication of the target peer to which the username and password correspond. Before the source peer is permitted to send the configuration information to the target peers, the source peer is authenticated to the target peers. The source peer provides a username and password to each of the target peers. For each target peer, if the username and password from the source peer match the configuration username and password of the target peer, the source peer is authenticated to the target peer. The username of each target peer may be the same as or different than the respective usernames of the other target peers. Additionally, the password of each target peer may be the same as or different than the respective passwords of the other target peers.
In the above-described conventional process for authenticating a source peer, the user or administrator is required to provide information specifying the target device to which each username and password pair corresponds. Additionally, the user or administrator is required to provide a username and password pair for each and every target device even if the same username and password pair was already provided for a different target device.
What is more, in a case that the username and password from the source peer do not match the configuration username and password of the target peer, the target peer communicates to the source peer that the authentication has failed. In response, the source peer may try again to authenticate to the target peer by providing a different username and password pair. Thus, when a try-fail-retry sequence such as described above is used to authenticate a source peer, additional communications over the network are required relative to a case in which the initial authentication attempt is successful. These additional communications can increase usage of network resources and slow down the authentication process.
Similarly, in the client-server context, when a try-fail-retry sequence is used to authenticate a client, additional communications over the network are required relative to a case in which an initial authentication attempt is successful. These additional communications can increase usage of network resources and slow down the authentication process.
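The following added example, which is not part of the original document, models the two conventional approaches described above for a source peer and several target peers, and counts the network messages each one needs. The class and function names, the sample credentials, and the cost of one request plus one response per attempt are assumptions made for illustration.

```python
import hmac

class TargetPeer:
    """Hypothetical target peer holding one configured username/password pair."""
    def __init__(self, name, username, password):
        self.name, self._user, self._pw = name, username, password
        self.failed_attempts = 0  # failures the target could log or alert on

    def authenticate(self, username, password):
        # Compare both fields in constant time before combining the results.
        user_ok = hmac.compare_digest(username.encode(), self._user.encode())
        pw_ok = hmac.compare_digest(password.encode(), self._pw.encode())
        if not (user_ok and pw_ok):
            self.failed_attempts += 1
            return False
        return True

def distribute_mapped(targets, mapping):
    """Per-target mapping: the administrator supplies one pair for every target.
    Returns (names of authenticated targets, network messages used)."""
    messages, done = 0, []
    for t in targets:
        user, pw = mapping[t.name]
        messages += 2  # assumed cost: one request and one response
        if t.authenticate(user, pw):
            done.append(t.name)
    return done, messages

def distribute_retry(targets, pairs):
    """Try-fail-retry: pairs are tried in order until the target accepts one."""
    messages, done = 0, []
    for t in targets:
        for user, pw in pairs:
            messages += 2  # every failed attempt costs a full round trip
            if t.authenticate(user, pw):
                done.append(t.name)
                break
    return done, messages

def sample_targets():
    # Constructed sample data: two of the three targets share a credential pair.
    return [TargetPeer("mfp-1", "admin", "alpha"),
            TargetPeer("mfp-2", "admin", "alpha"),
            TargetPeer("mfp-3", "config", "bravo")]

# With a mapping, the shared pair has to be entered once per target.
MAPPING = {"mfp-1": ("admin", "alpha"), "mfp-2": ("admin", "alpha"),
           "mfp-3": ("config", "bravo")}
# Without a mapping, each distinct pair is entered once but may be tried in vain.
PAIRS = [("admin", "alpha"), ("config", "bravo")]
```

With this sample data the mapped approach authenticates to all three targets in 6 messages, while try-fail-retry needs 8 and leaves one failed attempt recorded on the third target.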